|
|
>> Sun Ray Server Kiosk Mode Root Privilege Escalation Vulnerability
|
Title : Sun Ray Server Kiosk Mode Root Privilege Escalation Vulnerability
VUPEN ID : VUPEN/ADV-2008-1454
CVE ID : CVE-2008-2112
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-05-08
|
A vulnerability has been identified in Sun Ray Server Software, which could be exploited by malicious users to obtain elevated privileges. This issue is caused by an unspecified error in the Sun Ray Kiosk Mode software, which could allow a local or remote user with Sun Ray administration privileges to execute arbitrary commands with root privileges.
Affected Products
Sun Ray Server Software version 4.0
Solution
Sun Ray Server Software 4.0 (for Solaris 10 / SPARC) - Apply patch 128165-01 or later
Sun Ray Server Software 4.0 (for Solaris 10 / x86) - Apply patch 128166-01 or later
Sun Ray Server Software 4.0 (for Linux RHEL AS 4, SLES 9) - Apply patch 128167-01 or later
References
http://www.vupen.com/english/advisories/2008/1454
http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1
Credits
Vulnerability reported by the vendor.
ChangeLog
2008-05-08 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
